Some Ideas to Build Trust Among Users, Trade Diplomats and Other Market Actors
100 countries have cybersecurity strategies, not including those with strategies in draft.19
Malicious cross-border data flows are trade problems, but efforts to address these flows (cybersecurity strategies) can also distort trade (Meltzer and Kerry 2019). Members of the WTO discussed this problem in 2017. China provides a good example. During a routine discussion about trade barriers at the WTO, the European Union, the United States, Japan, Canada and Australia asked China to define the scope of its cybersecurity regulations and clarify the definitions of key terms such as “secure and controllable services and products” that are covered by the draft law. While members acknowledged the importance of safeguarding against “network intrusions” and “cyber-attacks,” as well as of protecting users’ personal information and sensitive data, they urged China to implement relevant measures in a non-discriminatory manner and in line with the Technical Barriers to Trade Agreement.20
Malware is not just a trade problem; like internet shutdowns, it can affect internet openness and generativity (OECD 2016). Governments have turned to the UN system to develop norms for cybersecurity. In March 2021, the 193 members of the UN Open-Ended Working Group agreed to endorse a report that promotes responsible state behaviour in cyberspace. The report notes that data-driven technologies “can be used for purposes that are inconsistent with the objectives of maintaining international peace, stability and security” (UNGA 2021a, para. 5). It also notes that “States concluded that threats may be experienced differently by States according to their levels of digitalization, capacity, ICT [information communication technology] security and resilience, infrastructure and development. Threats may also have a different impact on different groups and entities, including on youth, the elderly, women and men, people who are vulnerable, particular professions, small and medium-sized enterprises, and others. In light of the increasingly concerning digital threat landscape and recognizing that no State is sheltered from these threats, States underscored the urgency of implementing and further developing cooperative measures to address such threats” (ibid., paras 21–22). But the document is vague as to what states should do about addressing these threats beyond creating norms for state actions.
Bad actors use ransomware to take advantage of user and firm laziness — their failures to install patches on time, use updated infrastructure or hire the most effective cyber defenders. Government bodies are particularly vulnerable to ransomware, which can kick-start a vicious cycle. According to a report from the Deloitte Center for Government Insights, government agencies “must provide public services and cannot afford…to have data compromised to the point of governance paralysis. The cost of a police department unable to serve and protect the community or a school district unable to educate the community’s children escalates quickly” (Subramanian et al. 2020, 3). The cost is not just in funds but in trust of government and trust online.
Taken in sum, our shared failure to secure both the internet and the data that underpins it has put individuals,21 groups, firms, democracy and even national security at risk (Aaronson 2020). Hence, trade policy makers cannot argue that they are enabling free flows of data with trust without addressing these types of concerns. Moreover, if policy makers could develop a coordinated and effective international approach, they might diminish the economic and human costs of these problems. A recent study found that unilateral data regulations can either raise or reduce global welfare, but a coordinated approach would yield substantial gains (Chen, Hua and Maskus 2020, 4).
19 See www.itu.int/en/ITU-D/Cybersecurity/Pages/National-Strategiesrepository.aspx.
20 See www.wto.org/english/news_e/news17_e/tbt_20jun17_e.htm.
21 See www.gls.global/en/startupresources/what-are-the-risks-with-collectingpersonal-data.
Here are some ideas that policy makers could adopt to place trust (and user needs) at the heart of all trade agreements:
→ Incentivize cybersecurity through societal understanding. Public and private development donors should incentivize cybersecurity by requiring their development recipients to educate users on how to work safely online.
Nations have developed free tools that can be helpful, such as Europe’s No More Ransom tool.22
→ Address the concerns of users and foster international cooperation. An international conference should be convened to develop internationally accepted strategies to protect personal data, thwart cross-border spam and malware, and protect consumer welfare.
WTO members should encourage the United Nations Commission on International Trade Law (UNCITRAL) to create model laws finding such common ground.23
→ Challenge internet shutdowns as a barrier to trade. Nations can use the exceptions to justify such shutdowns, but democracies should challenge the use of blanket shutdowns as a barrier to trade in a trade dispute. Such a dispute could provide guidance as to whether such shutdowns are overly broad and how nations could limit their effects on other market actors.
In addition, at both the national and the international level, policy makers should expand the universe of who they listen to when they make digital trade policies (the feedback loop).
Most democracies ask for public comment on their trade policies (Aaronson and Zimmerman 2007; Inter-American Development Bank 2002; Ilott, Stelk and Rutter 2017). For example, the Office of the United States Trade Representative (USTR) solicited public comment regarding whether the United States should retaliate against governments imposing digital taxes.24 Canada recently asked its citizens to comment as to whether it should join the Digital Economy Partnership.25 Australia created a discussion paper and asked citizens to comment on the future of digital trade rules.26 Clearly, government officials understand that trust in government officials (political efficacy) is positively correlated with public engagement and participation.27
However, none of these countries provided evidence that they heard their citizens’ concerns and made changes in response to these concerns. Thus, countries should:
→ Create a portal and consistently ask for public comment. Incentivize stakeholder involvement through town halls, in speeches, and so forth. Trade leaders in the legislative and executive branch should highlight the importance of public comment.
→ Create an internet users’ advisory committee comprised of academics, internet civil society groups, internet activists and local government officials to discuss how digital trade rules may affect users and the internet as a whole. Trade policy makers should regularly consult the committee, which should have access to, and the ability to inform, trade-negotiating documents and processes.
→ In their annual report, trade-related agencies should delineate who provided public comment and how these comments were utilized.
Trade policy makers cannot say they care about trust but remain oblivious to the concerns of users. There can be no free flow of data without such user trust.
22 See www.nomoreransom.org/en/index.html.
23 Established in 1966, UNCITRAL works toward the progressive harmonization and modernization of the law of international trade by preparing and promoting the use and adoption of legislative and nonlegislative instruments in a number of key areas of commercial law.
24 See USTR (2021) and www.usitc.gov/section_337_building_record_public_interest.htm.
25 See www.international.gc.ca/trade-agreements-accords-commerciaux/consultations/fta-ale.aspx?lang=eng for all free trade agreement consultations; see www.international.gc.ca/trade-commerce/consultations/depa-apen/index.aspx?lang=eng for the DEPA consultation.
26 See www.dfat.gov.au/trade/services-and-digital-trade/Pages/the-future-ofdigital-trade-rules-discussion-paper.
27 See www.oecd.org/gov/second-oecd-webinar-on-trust-highlights.pdf.